Следующая
новость
Предыдущая
новость
16 May 2017

Vulnerability scanner MS17-010

As the attack was conducted through Microsoft Security Bulletin vulnerability MS17-010, our team has developed a special utility software – vulnerability scanner MS17-010. This utility performs network scanning in order to detect the vulnerability exploited by WannaCry malware.

Please feel free to use it and distribute among your clients and partners.

The scanner reveals four states of computer system:

  1. No vulnerability MS17-010 (no message from scanner);
  2. Detected vulnerability MS17-010;
  3. System is infected;
  4. Incorrect operation of SMB protocol.

The scanner is written in GO language. With GOLANG installed, you can use this scanner on any system or compile it for any platform yourself. Here is a link for GOLANG installation: https://golang.org/doc/install

Please, note that this utility might be detected by antivirus software as it uses a part of exploit in order to find the vulnerability. The archive contains .exe file and source code of the scanner. Here is the link for archive download: scanner.wannacry.7z

Usage instructions

$ scanner.exe -h
WannaCry scanner tool by BiZone

Usage of scanner.exe:

  • file string
File with list of targets to scan. Each address or netmask on new line.

  • ip string
IP address

  • net string
IP network address. Example: 10.0.1.0/24

  • out string
Output file with results of scan in CSV format. Example: results.csv

  • verbose
Verbose output

  • workers int
Count of concurrent workers. (default 200, max count 1000)

Examples:
scanner.exe -ip 10.0.1.12
scanner.exe -net 10.0.1.0/24
scanner.exe -file ips.txt -out vuln.csv

Download utility

scanner.wannacry.7z

Password for the archive

wannacry

Checksum

shasum scanner.exe
78801a61a36500e797979e41d118d762405d54d4 scanner.exe